JMS Technical Solutions, Inc.
The Talent Source
We have an opening for a Senior Manager, Cybersecurity Operations Architect.
This position may sit in any of our U.S. offices.
The Senior Manager, Cybersecurity Operations Architect is responsible for developing processes and technologies for the execution of the Firm’s security continuous monitoring capability. The primary responsibility is to establish a security event monitoring, management and response architecture to include, but not be limited to, assisting with the development of programs for enterprise logging, end user behavior analytics, and security metrics and reporting.
The Cybersecurity Operations Architect provides security subject-matter leadership in the design and delivery of technical security architectures and the development of standards and reference architectures. This includes the creation, support, and facilitation of governing principles that guide security architecture decision making. The Security Operations Architect will participate in the development of security best practices to achieve the goals of the enterprise security architecture, as well as act as a liaison to other teams.
In this capacity, the Senior Manager, Cybersecurity Operations Architect will:
- Establish and manage a Security Operations technical architecture to provide 24x7x365 continuous monitoring and investigation of correlated security event feeds, with appropriate triage and escalation in the case of identified security events;
- Establish visibility across the Firm’s enterprise (e.g., SIEM/UEBA, SOAR, ITSM, EDR, IPS/IDS, Active Directory, DNS, etc.);
- Perform threat and vulnerability management, threat modeling, identify threat vectors and develop use cases for security monitoring;
- Develop and institute measurement of security operations center performance metrics, reports, and dashboards; and
- Act as liaison and point of entry between Information Technology (IT) and managed security service providers, ensuring the engagement of the appropriate leadership to sustain the operations of critical security infrastructure and computer network defense capabilities.
In addition, the Cybersecurity Operations Architect will be expected to have experience with the following areas of responsibility:
- Experience in the development and coordination of implementation plans to modernize and optimize security operations capabilities;
- Experience managing security operations to monitor equipment for misconfigurations, anomalous activity, and network intrusion attempts;
- Monitor, detect, analyze, and respond to network defense incidents;
- Advanced technical skills and knowledge to implement, monitor and administer IT infrastructure using security best practices, policies and procedures (Firewalls, End Point Security, Proxies, WAFs, Vulnerability Management, I&AM, etc.);
- Significant expertise in Cybersecurity Operations and expert experience in one or more areas of Cybersecurity: Intrusion Detection and Mitigation, Cyber Network Defense, Network Traffic Analysis or Operating System Security, Forensics, Incident Response, Cyber Threat Hunting, or Malware Analysis and Reverse Engineering;
- Understanding of SIEM/UEBA tools (e.g. Splunk, ArcSight) that encompasses utilization of the query language, configuration of data management, and operation of the underlying infrastructure; and
- Familiar with various malware categories, their characteristics, and network-based indicators of compromise.
- At least 15 years of experience with cybersecurity or information technology;
- BS degree in Computer Science or related field;
- Strong track record of implementing security architecture for complex solutions and ability to deliver results through partnering with stakeholders in IT and the business;
- Experience maintaining security operations metrics and SLAs;
- Detailed technical knowledge of network, database, and/or operating system security;
- Knowledge of NIST and other industry regulatory standards as they pertain to continuous monitoring and incident reporting;
- Experience with network security, networking technologies, and network monitoring tools;
- Working knowledge of IT processes (i.e., ITIL) including incident, problem, defect, change and release management;
- Experience with secure architecture principles, secure SDLC, security system integration and configuration, and troubleshooting; and
- Management skills, communication skills, human relations skills, organizational skills and analytical skills, as well as proven information security leadership experience in a medium-to-large organization.